Today there are widespread rumors that hackers might have discovered over 200 million Apple iCloud passwords. It’s not clear whether the information is valid or if it’s only a hoax. We just don’t have enough details at this point. Supposedly hackers are giving Apple until April 7 to respond, almost 3 weeks. If hackers have indeed gotten a copy of the iCloud credentials, we should not count on the 3 week timeline. They may use them anytime. Here are two things you can do to mitigate risks if you have a Mac or iOS device:
- Update your password and enable two-factor authentication. Enabling two-factor authentication is the quickest and easiest thing to do. Even if your password leaked into the public, without the second factor your iCloud account will not be accessible. It is still a good idea to update your password, in which case, make sure you write down the new one somewhere safe in case you forget it.
- Did you use your iCloud password for other sites? Password reuse is extremely common. If hackers know your email or login and your iCloud password is the same for other websites they could attempt to use it on a variety of sites. That’s where it is more secure to use a password manager. With password managers you can set things up such that you never use one password in more than one website. That way there is no contagion effect to your other credentials. If you did use your iCloud password for other sites you should update these as well.